You can actually set this up without a public IP and port forwarding to the host device if you use a service like Tailscale with the host on your US-IP network set up as an exit node (GL.iNet devices also support Tailscale, but not as exit nodes, only clients). This would allow you to put any device that supports being setup as a Tailscale exit node on whatever network you want to use, and then connect to it by connecting your Beryl AX to the same Tailscale network and setting the exit node as the "Custom Exit Node" in your Beryl AX's Tailscale configuration.
With that said, hosting a VPN/Tailscale server yourself may stretch your bandwidth. A lot of residential plans limit upload speeds to 10Mbps, which would become your maximum download speed in Costa Rica. If that's ok, great. If not, that will be an issue. Anyway, the commercial VPN option is probably better assuming your company won't take issue with it. I'd start using it all the time while still in the US so you can see how they react and to get practice with it.